I bumped into this issue while trying to create user document in Firestore after a new user is signed up using Firebase Authentication.
In user document, I want to include creationTime and lastSignInTime fields but found out that those fields are optional. That means I would have to make those fields in my user document optional as well but I am not quite convinced why they should be optional in the first place. I just cannot think of a case where those fields in metadata of User instance should be set as undefined when it is returned after successful sign up/in using Firebase Auth.
If there's no specific case where they're returned as undefined, I'm planning to make those fields in my user document as required fields, and throw error just in case they are returned as undefined.
For example using react-native-firebase:
try {
const { user } = await auth().signInAnonymously();
const {
metadata: { creationTime, lastSignInTime },
uid,
} = user;
if (creationTime == null) {
throw new TypeError('creationTime is returned as undefined');
}
if (lastSignInTime == null) {
throw new TypeError('lastSignInTime is returned as undefined');
}
await firestore().collection('user').doc(uid).set({
creationTime,
lastSignInTime,
// other fields
});
} catch (error) {
// handle error
}
But if not, then no choice but to have them as optional as well.
So wrapping up the question, is there any case where creationTime or lastSignInTime is set to undefined/null? Is it safe to just treat them as required fields?
(A similar issue is posted here but it's closed with no answer.)
I'm not sure about creationTime but lastSignInTime can be undefined/null if the sign-up has occurred but the user has not signed in yet. For example the user might have to complete email verification or something along those lines.
Related
I'm having trouble to convert an anonymous Firebase user to a registered user with email and password.
My code look's like this:
Future linkAnonymousAccount({
required String email,
required String password,
}) async {
try {
await _auth.currentUser!.linkWithCredential(
auth.EmailAuthProvider.credential(email: email, password: password),
);
// await refreshUser();
} on auth.FirebaseAuthException catch (e) {
throw LinkAnonymousAccountException(e.code);
}
}
It seem's like EmailAuthProvider.credential creates a new user (with new uuid and everything) instead of converting the current anonymous user.
So after creating an anonymous user with:
Future signInAnonymously() async {
try {
await _auth.signInAnonymously();
} on auth.FirebaseAuthException catch (e) {
throw SignInException(e.code);
}
}
And then calling the linkAnonymousAccount - method from above I get the following result in my firebase console:
But so I lose all user data like displayName and photoUrl and also all the data in my database (due to the different uuid's).
I'm not able to find a solution for this or an explanation why this is happening.
I found a video where this is not the case and the anonymous user is actually converted. But I use the same code as the guy in the video and get a different result.
Am I missing something? Has someone an explanation for this?
I have a project which uses firebase auth with firebaseUI to authenticate users. I have enabled Google, Facebook and email providers. What I need is to remotely logout or disable some of the users.
I want the users to logout from the app on doing so. I tried disabling the user in the firebase console and also used the firebase admin SDK (https://firebase.google.com/docs/auth/admin/manage-sessions) to revoke the refresh tokens.
I waited for more than 2 days and still noticed that the user was logged in and could access the firestore data.
I have also gone through and tried
Firebase still retrieving authData after deletion
Can anyone point to what I am doing wrong ?
You also cannot remotely force a user to be signed out. Any sign out will have to happen from the device that the user is signed in on.
There is no way to revoke an access token once that is minted. This means that even if you disable the user's account, they may continue to have access for up to an hour.
If that is too long, the trick (as also mentioned in my answer to the question you linked) is to maintain a list of blocked users in your database (or elsewhere) and then check against that in your security rules (or other authorization layer).
For example in the realtime database, you could create a list of blocked user's UIDs:
banned_uids: {
"uid1": true
"uid2": true
}
And then check against that in your security rules with:
".read": "auth.uid !== null && !root.child('banned_uids').child(auth.uid).exists()"
You can send a message data with FCM to force to log out.
For example, if the users use android application.
Save the FCM token in a collection in firebase Realtime.
configure the Android client app, in the service. LINK You have to make when receive a message with especial string, force to log out.
make the trigger you need in cloud functions, to send the data LINK when you need the user log out.
SUCCESS!
As per your scenarios, i assume that you need to make user logout when user is disabled.
Use One global variable to store TokenNo (might be in shared preference or sqlite):
Add following code to your manifest:
<service android:name=".YourFirebaseMessagingService">
<intent-filter>
<action android:name="com.google.firebase.MESSAGING_EVENT" />
</intent-filter>
</service>
Add following code in your
public class LogoutOntokenchange extends FirebaseMessagingService{
#Override
public void onNewToken (String token){
if(TokenNo=>1){ //if tokenNo >=1 means he already logged in
TokenNo=0;
FirebaseAuth.getInstance().signOut(); //Then call signout method
}
else{
TokenNo=1; //store token no in db
}
}
}
What Happens here:
When user logged in first time onNewToken is called then It goes into else then TokenNo is updated to 1 from 0.
When You disable any user then automatically token is refreshed.Then OnNewToken is called then TokenNo>=1 so user will be logged out.
NOTE: When user log in for first time i.e if TokenNo variable is not stored then store it as 0.
For reference: https://firebase.google.com/docs/reference/android/com/google/firebase/messaging/FirebaseMessagingService
The only way I can think about is adding a if-else block in your starting activity.
Store the that status of user (verified/banned/deleted) in Firebase Real-time database. Then retrieve the status of user at start of application and add the code:
if (currentUserStatus.equals("banned"))
{
currentUser.logout();
}
What I've done is I created for each user upon registration a Firestore document with the UID as document ID. In this document I store an array which stores all fcm tokens the individual user receives when logging into a new device. That way I always keep track where the user is logged in. When the user logs out manually the fcm token will be deleted from the document in Firestore as well as on the device.
In order to be able to log out the user everywhere they are signed in I did the following. When starting the app and once the user is logged in I start a snapshot listener that listens to all changes in the users document. As soon as there is a change I retrieve the new array of fcm tokens, search inside the array for the local current device fcm token. If found, I do nothing. If the fcm token is no longer in the array I will call the local logout method and go back to the login screen.
Here are the methods I used in swift on iOS. The closures (passOnMethod) will just trigger an unwind segue to the login view controller.
import Foundation
import Firebase
class FB_Auth_Methods {
let db = Firestore.firestore()
var listener: ListenerRegistration?
func trackLoginStatus(passOnMethod: #escaping () -> () ) {
listener?.remove()
if let loggedInUserA_UID = Auth.auth().currentUser?.uid {
listener = db.collection(K.FStore.collectionOf_RegisteredUsers_Name)
.document(loggedInUserA_UID)
.addSnapshotListener { (snapshotDocument, error) in
if let error = error {
print(error)
} else {
if let document = snapshotDocument {
if let data = document.data() {
if let fcmTokens = data[K.FStore.Users.fcmTokens] as? [String] {
print("Found the following tokens: \(fcmTokens)")
self.compareTokensAgainstCurrentDeviceToken(fcmTokens: fcmTokens, passOnMethod: { () in
passOnMethod()
})
}
}
}
}
}
}
}
func compareTokensAgainstCurrentDeviceToken(fcmTokens: [String], passOnMethod: #escaping () -> () ) {
InstanceID.instanceID().instanceID { (result, error) in
if let error = error {
print(error)
} else if let result = result {
if fcmTokens.contains(result.token) {
print("Token found, doing nothing")
} else {
print("Token no longer found, logout user")
do {
try Auth.auth().signOut()
InstanceID.instanceID().deleteID { error in
if let error = error {
print(error)
} else {
passOnMethod()
}
}
} catch let signOutError as NSError {
print (signOutError)
}
}
}
}
}
}
And here is the method I use when logging out the user everywhere but at the current device.
func deleteAllFcmTokensExceptCurrent(loggedInUserA: User, passOnMethod: #escaping () -> () ) {
InstanceID.instanceID().instanceID { (result, error) in
if let error = error {
print(error)
} else if let result = result {
let batch = self.db.batch()
let deleteAllFcmRef = self.db.collection(K.FStore.collectionOf_RegisteredUsers_Name).document(loggedInUserA.uid)
batch.updateData([K.FStore.Users.fcmTokens: FieldValue.delete()], forDocument: deleteAllFcmRef)
let updateFcmTokenRef = self.db.collection(K.FStore.collectionOf_RegisteredUsers_Name).document(loggedInUserA.uid)
batch.updateData([K.FStore.Users.fcmTokens: FieldValue.arrayUnion([result.token])], forDocument: updateFcmTokenRef)
batch.commit { (error) in
if let error = error {
print(error)
} else {
passOnMethod()
}
}
}
}
}
Not tested yet, as our backend programmer, who is in charge of setting up Firestore rules was gone for the day, but in theory this should work: (and it's something I'll test tomorrow)
Having a FirebaseAuth.AuthStateListener in charge of serving UI based on the status of the user
This combined with rules in firestore
match /collection
allow read: if isAuth();
Where isAuth is:
function isAuth() {
return request.auth.uid != null;
}
If the user is then disabled, while being logged in, whenever the user tries to read data from the collection, he should be denied, and a signOut() call should be made.
The AuthStateListener will then detect it, and sign the user out.
I'm currently developing a flutter app that requires users to register before using it. I use Firebase Authentication and would like to check whether an email is already registered in the app.
I know the easy way to do it is to catch the exception when using the createUserWithEmailAndPassword() method (as answered in this question). The problem is that I ask for the email address in a different route from where the user is registered, so waiting until this method is called is not a good option for me.
I think the best option would be to use the method fetchProvidersForEmail(), but I can't seem to make it work.
How do I use that method? Or is there a better option to know if an email is already registered?
The error raised is a PlatformException
so you can do something as follows-
try {
_firbaseAuth.createUserWithEmailAndPassword(
email: 'foo#bar.com',
password: 'password'
);
} catch(signUpError) {
if(signUpError is PlatformException) {
if(signUpError.code == 'ERROR_EMAIL_ALREADY_IN_USE') {
/// `foo#bar.com` has alread been registered.
}
}
}
The following error codes are reported by Firebase Auth -
ERROR_WEAK_PASSWORD - If the password is not strong enough.
ERROR_INVALID_EMAIL - If the email address is malformed.
ERROR_EMAIL_ALREADY_IN_USE - If the email is already in use by a different account.
There is no such fetchProvidersForEmail method anymore in the current version of the firebase auth package. The equivalent one is now fetchSignInMethodsForEmail method which I think would be the best option to handle this case without executing any unnecessary operation.
fetchSignInMethodsForEmail
In docs, it's stated that this method returns an empty list when no user found, meaning that no account holds the specified email address:
Returns a list of sign-in methods that can be used to sign in a given
user (identified by its main email address).
This method is useful when you support multiple authentication
mechanisms if you want to implement an email-first authentication
flow.
An empty List is returned if the user could not be found.
Based on this, we could create our own method like the following one:
// Returns true if email address is in use.
Future<bool> checkIfEmailInUse(String emailAddress) async {
try {
// Fetch sign-in methods for the email address
final list = await FirebaseAuth.instance.fetchSignInMethodsForEmail(emailAddress);
// In case list is not empty
if (list.isNotEmpty) {
// Return true because there is an existing
// user using the email address
return true;
} else {
// Return false because email adress is not in use
return false;
}
} catch (error) {
// Handle error
// ...
return true;
}
}
I think the only possibility from within the app is attempting a login (signInWithEmailAndPassword) with that e-mail and check the result.
If it's invalid password, the account exists.
If it's invalid account, the account do not exist.
Error 17011
There is no user record corresponding to this identifier. The user may have been deleted
Error 17009
The password is invalid or the user does not have a password
As this is a kind of an ugly solution, you can justify this additional call using it to check it the e-mail formatting is correct (according to the firebase rules). If it doesn't comply it will throw a address is badly formatted and you can alert the user soon enough.
You can do these checks using the error codes with current versions of the plug-in.
There are many ways you can do that. As Sakchham mentioned, you could use that method. There is another method you could use which in my opinion is better and safer.
Since the password value will return ERROR_WEAK_PASSWORD, it is a create account method which you are calling which means that it's possible an account will be created if the account doesn't exist, in that case, I recommend personally using the sign in with email method.
I used this code below:
Future<dynamic> signIn(String email) async {
try {
auth = FirebaseAuth.instance;
await auth.signInWithEmailAndPassword(email: email, password: 'password');
await auth.currentUser.reload();
return true;
} on FirebaseAuthException catch (e) {
switch (e.code) {
case "invalid-email":
return 'Your username or password is incorrect. Please try again.';
break;
}
}
}
Leave down a comment if you have any suggestions.
I didn't think fetchProvidersForEmail() method is available in the firebase package. So we can show the appropriate message to the user. you can create more case if you need.
try {
await _auth.signInWithEmailAndPassword(
email: "Hello#worl.com",
password: "123456789"
);
} catch (e) {
print(e.code.toString());
switch (e.code) {
case "email-already-in-use":
showSnackBar(context,"This Email ID already Associated with Another Account.");
break;
}
}
Is there a way to check if email is verified through cloud functions
i.e. if I have a uid for the user, can I check if the email is verified for that particular user. In my use case, I need to make sure that email is verified before transaction is executed. I want to check it server side
Sample cloud function:
exports.executeTransaction = functions.https.onCall((data,context)=>{
const userid = context.auth.uid
//Check if email is verified
//I want to use context variable to somehow extract whether email is verified. Is there a way to do it ?
//Execute Transaction if email is verified
})
Never Mind, I managed to figure it out.
See following for anyone with similar issue:
exports.executeTransaction = functions.https.onCall((data,context)=>{
const userid = context.auth.uid
//Check if email is verified
return admin.auth().getUser(context.auth.uid).then(user => {
//Check if email verified
if(user.emailVerified)
{
return "Verified"
}
else{
console.log("User Email not verified")
return "Not Verified"
}
}).catch(function(err){
console.log(err)
throw new functions.https.HttpsError('Error Validating', err.message, err)
})
})
According to the docs, context includes decodedIdToken, which already contains an email_verified field.
Thus all you need to do is this:
exports.executeTransaction = functions.https.onCall((data, context) => {
const { token } = context.auth;
if (!token.firebase.email_verified)
throw new functions.https.HttpsError(
"failed-precondition",
"The function must be called while authenticated."
);
// ...do stuff
})
https://firebase.google.com/docs/reference/functions/functions.https#.CallableContext
https://firebase.google.com/docs/reference/admin/node/admin.auth.DecodedIdToken#email_verified
I have created a function which was previously working to store user details in the User node in my Firebase database. However upon trying it today it is now returning an error message saying
TypeError: Cannot read property 'uid' of null
The code I have written simply stores the auth.uid as a child of user and then within that node it stores all data of that user. As of Friday this worked for a few users but now it is now producing the above error message.
To fix this do I need to call the offAuth method upon logging out? If so, How would I go about this?
My code so far is below.
ref.onAuth(function(authData) {
ref.child('user').child(authData.uid).set(authData).then(function(auth) {
console.log('Data Saved Successfully!');
}).catch(function(error) {
console.log(error);
})
})
The onAuth() method is called whenever the authentication state of the user changes. This means that it is called both when the user is authenticated and when they get unauthenticated. In the latter case, the authData argument will be null and you have to handle that in your code.
From the Firebase documentation:
Use the onAuth() method to listen for changes in user authentication state.
var ref = new Firebase("https://<YOUR-FIREBASE-APP>.firebaseio.com");
ref.onAuth(function(authData) {
if (authData) {
console.log("User " + authData.uid + " is logged in with " + authData.provider);
} else {
console.log("User is logged out");
}
});
You're missing that if in your code.